2022
DOI: 10.1109/access.2022.3153064

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

Abstract: File-based Time-of-Check to Time-of-Use (TOCTOU) race conditions are a well-known type of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate, avoid, and exploit these vulnerabilities over the past 35 years. However, despite these research efforts, TOCTOU vulnerabilities remain unsolved due to their non-deterministic nature and the particularities of the different filesystems involved in running vulnerable programs, especially in Unix-like operating system environments. …

Cited by 2 publications
(2 citation statements)
References 42 publications
“…Time-Of-Check-To-Time-Of-Use (TOCTTOU) is a present vulnerability in Remote Attestation scenarios [9]. In TOCTTOU, the ED provides evidence of having the appropriate software at the time of the Attestation, but it uses different software when the ED is about to provide services.…”
Section: Time-of-check-to-time-of-use Attack
Citation type: mentioning
confidence: 99%
“…To overcome this challenge, several works recently proposed Collective RA (CRA) protocols. However, these solutions brought up new open issues [8]: the need of scalable and decentralized key management allowing mobility, the acceptance of intermittent activity of IoT nodes, which is essential for edge computing, and the resistance against the attack Time Of Check To Time Of Use (TOCTTOU) [9], which is barely covered in the State of the Art (SoA). In this paper, we present a solution for these problems through our remote attestation method, RESEKRA.…”
Section: Introduction
Citation type: mentioning
confidence: 99%